How do we do custom authentication?

We need to authenticate our users using their credit card information (note: not using their credit card number itself, but rather an irreversible token derived from it). We’d also like them to be able to authenticate via their phone number, and a user/password (any of these). Is this possible?

Hi @xenoterracide,

Welcome to the Community!

Can you elaborate on how this would work? Are you wanting them to just enter the CC# in a box and be logged in? Or is there a password involved and the CC# (or token) is essentially a username.

Username/pw will work of course. How do you want them to authenticate with the phone number? With passwordless sms, or using the phone number as username in conjunction with a password?

Are you looking to have all of these accounts linked, or just let users have options?

Let me know,
Dan

The credit card login is actually a swipe of the physical credit card, which generates a one-way fingerprint. So it’s just a token. I’m considering pairing this with a valid machine identifier so that the token can only be used in conjunction with a valid machine ID; however, the card token would not be restricted to just one machine.

I suspect both passwordless SMS, and phone number+username but I need to double check the requirements on this.

Yes, these accounts would be linked.

@xenoterracide,

I have not seen this use case, but that does not mean it can’t be done! You would likely have to create some sort of unique identifier (token/fingerprint) from the card and format it into a username and password. Then you could use the password grant type to send the auth request via POST from the machine. I cannot speak to the security implications of the token creation; this is something that you will have to ensure is unique and secure.

This is possible; SMS passwordless is already built. Phone number + password is basically username/password.

Accounts can be linked using our account linking feature. The automatic variation of this feature requires a unique identifier common to all of the user’s accounts (think of a user logging in via username/password, then logging in via Google social connection with the same email address). Email is the common identifier for automatic account linking, so you may have to instead work through user-initiated account linking if you don’t have a common identifier between SMS, credit card, etc. This is all included in the doc below.

Hope this helps!
Dan

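To make the "fingerprint the card, format it as username/password, send a password grant" approach concrete, here is an added example. It is not code from the thread or from any identity provider; the track-2 sample, the device key, the machine allowlist and the client ID are constructed assumptions. The fingerprint is a keyed HMAC rather than a bare hash, because the PAN space is small enough (fixed BIN, Luhn checksum) that an unkeyed SHA-256 of a card number can be brute-forced back to the number; the machine-binding check is shown as a plain verification function, since a standard password store expects one fixed password per user and could not do this check on its own.

```python
import hashlib
import hmac
from urllib.parse import urlencode

# --- Constructed sample inputs (assumptions, not values from the thread) ---
# A commonly used *test* PAN that passes the Luhn check. Track 2 is laid out
# as PAN=YYMM<service code><discretionary data>.
SAMPLE_TRACK2 = "4111111111111111=2912101"
# Secret shared by the swipe devices and the verifier. In a real deployment it
# belongs in the device's secure element / an HSM, never in source control.
DEVICE_KEY = bytes.fromhex("0f" * 32)
# Machine IDs that are allowed to present card tokens (hypothetical names).
ALLOWED_MACHINES = {"kiosk-01", "kiosk-02", "kiosk-07"}


def luhn_ok(pan: str) -> bool:
    """Luhn check, used to reject garbled swipes before fingerprinting them."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def parse_track2(track: str) -> str:
    """Return the PAN from track-2 data; raise on anything that is not a valid PAN."""
    pan, sep, _rest = track.partition("=")
    if not sep or not pan.isdigit() or not 12 <= len(pan) <= 19 or not luhn_ok(pan):
        raise ValueError("not a valid track-2 PAN")
    return pan


def card_fingerprint(pan: str, key: bytes) -> str:
    """One-way card token: HMAC-SHA256 over the PAN under the device key.
    Without the key the token cannot be turned back into the card number."""
    return hmac.new(key, pan.encode(), hashlib.sha256).hexdigest()


def machine_bound_secret(fingerprint: str, machine_id: str, key: bytes) -> str:
    """Bind the card token to one machine ID. This value is what the machine
    presents as the 'password' field of the grant request."""
    msg = f"{fingerprint}|{machine_id}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def password_grant_body(username: str, password: str, client_id: str) -> str:
    """Form-encoded body of an RFC 6749 resource-owner password grant.
    The token endpoint URL itself is deployment-specific and not shown."""
    return urlencode({
        "grant_type": "password",
        "username": username,
        "password": password,
        "client_id": client_id,
    })


def verify_binding(fingerprint: str, presented: str, key: bytes,
                   allowed_machines=ALLOWED_MACHINES):
    """Verifier side: the presented secret must equal the fingerprint bound to
    *some* allow-listed machine (so one card works on any valid machine, but
    not from an unknown one). Returns the matching machine ID or None."""
    for machine_id in sorted(allowed_machines):
        expected = machine_bound_secret(fingerprint, machine_id, key)
        if hmac.compare_digest(expected, presented):   # constant-time compare
            return machine_id
    return None


def login_from_swipe(track: str, machine_id: str, client_id: str,
                     key: bytes = DEVICE_KEY):
    """What the kiosk does on a swipe: fingerprint the card, bind it to this
    machine, and build the POST body. Returns (fingerprint, body)."""
    fp = card_fingerprint(parse_track2(track), key)
    pw = machine_bound_secret(fp, machine_id, key)
    return fp, password_grant_body(fp, pw, client_id)


if __name__ == "__main__":
    fp, body = login_from_swipe(SAMPLE_TRACK2, "kiosk-02", "example-client-id")
    print(body)
    good = machine_bound_secret(fp, "kiosk-02", DEVICE_KEY)
    rogue = machine_bound_secret(fp, "rogue-box", DEVICE_KEY)
    print("accepted from:", verify_binding(fp, good, DEVICE_KEY))
    print("rogue machine:", verify_binding(fp, rogue, DEVICE_KEY))
```

The fingerprint is the "username" and the machine-bound value is the "password", so the request is a plain password grant as suggested above. The cost of this design is that every swipe device holds the same HMAC key: whoever extracts it can mint tokens for any PAN and any allow-listed machine ID, so the key's protection on the device (and a per-device key plus a machine-ID lookup table, if the verifier can support it) is where the real security question lives.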
